Retail Cyberthreat Summit: Insights and Strategies from Industry Experts

Post on 08-Jul-2015


description

Over the past year, some of the largest US retailers have been under attack by well-organized criminal syndicates who have identified vulnerabilities in their networks. This has led to massive breaches of credit card data. As we head into the holiday season, the risk to retailers is even greater, due to the target-rich environment, increased number of transactions and over-burdened IT staff. In many cases, attackers may have already compromised retail networks and are simply waiting patiently to begin their data collection and exfiltration. In this presentation, several experts who deal with retail security at different phases of the retail breach lifecycle will provide insight and guidance on what retailers can do to fight back. Experts are: Randal Cox, Chief Scientist & Co-Founder at Rippleshot; Sam Heiney, Product Solutions Director for Netop; Jeremy Henley, Director of Breach Services at ID Experts; Scott Waddell, CTO at iovation; and Ken Westin, Security Analyst at Tripwire Inc. The topics covered include:
- Identifying what is driving the increase in retail breaches and common attack vectors
- How organizations can prevent these points of intrusion, as well as detect behavior on their network associated with the intrusions and point-of-sale malware
- How breaches are detected after the fact, through the use of big data and fraud analytics detecting stolen credit card transactions
- How retail organizations should respond when there is a breach, steps to notify customers and other details around cleanup of a compromise

transcript

A Global Leader in Secure Remote Access

www.netop.com

info.us@netop.com

(866) 725-7833

ABOUT NETOP

The world’s leading companies choose Netop:
24% of the World Top 100 Retailers
60% of the Financial Times Top 100
42% of the World Top 50 Banks
50% of the Fortune 100

9M end-users
12K customers
100M connections / day

Retail Cyberthreat Summit

Identifying and Securing

Threat Vectors

USERS

Human error is a leading source of opportunity for cybercrime.

Threats

DISCOVERABILITY

If a device is discoverable, a device is vulnerable.

Threats

REMOTE ACCESS

Remote access points are the target of choice for cybercriminals.

Threats

88%

Secure Remote Access
1. Segment your network
2. Encrypt your data
3. Manage your users
4. Document all activity

Thank you! www.netop.com

info.us@netop.com

(866) 725-7833

Initial Attack Vector

20 Critical Security Controls (NSA Rank)
CSC1  Inventory H/W Assets, Criticality, and Location   Very High
CSC2  Inventory S/W Assets, Criticality, and Location   Very High
CSC3  Secure Configuration of Servers and Hardware      Very High
CSC4  Vulnerability Assessment and Remediation          Very High


30

Security Professionals

Hackers

We WILL Fail

200 Days

Home Depot Hit By Same Malware as Target (Krebs on Security, September 14, 2014)


Chart: Card Losses, Reputation, Bankruptcy (2%, 5%, 10%, 25%)

SAFE FAST SENSITIVE


PCI DSS Level 1

SAFE

FAST

Data: 7M Transactions / Day

4x growth -> 2x speed

Coverage Map

http://goo.gl_3uDFKP

Transactions/Day

FAST

Performance

FAST

Chain                   Public Disclosure   Rippleshot Detection   Advantage
Spec's Wine & Spirits   Mar 20, 2014        Mar 29, 2013           11.7 months
Aaron Brothers          Apr 17, 2014        Aug 6, 2013            8.4 months
Neiman Marcus           Jan 23, 2014        Oct 11, 2013           3.4 months
Target                  Dec 18, 2013        Nov 29, 2013           19 days
Michael’s               Jan 25, 2014        Dec 10, 2013           1.5 months
California DMV          Mar 22, 2014        Jan 22, 2014           1.9 months
Home Depot              Sep 2, 2014         Mar 8, 2014            5.9 months
Dairy Queen             Aug 27, 2014        Mar 8, 2014            5.7 months
The UPS Store           Aug 20, 2014        Mar 8, 2014            5.4 months
Goodwill Industries     Jul 14, 2014        Mar 8, 2014            4.2 months
Splash Car Wash         Jun 26, 2014        Mar 8, 2014            3.6 months
Sally Beauty Supply     Mar 14, 2014        Mar 8, 2014            6 days
PF Chang’s              Jun 11, 2014        Mar 25, 2014           2.6 months
Supervalu               Aug 15, 2014        Apr 6, 2014            4.3 months
Beef 'O' Brady's        Sep 10, 2014        Apr 6, 2014            5.2 months

4.3 Months

FAST

SENSITIVE

SENSITIVE

Use Case: Home Depot
Start of Breach: April 1st
Rippleshot Detection: April 15th
Public Announcement: September 2nd
Total Cards: 56M (with Rippleshot: 5.6M)
Total Fraud Spend: $2B and climbing (with Rippleshot: $200M)


RETAIL CYBERTHREAT SUMMIT

How retailers can mitigate fraud associated with stolen credit cards

© COPYRIGHT • IOVATION

SCOTT WADDELL, IOVATION

(503) 943-6768

scott.waddell@iovation.com

www.iovation.com

@svwaddell

SCOTT WADDELL, Chief Technology Officer


BATTLING ID THEFT AND CREDIT CARD FRAUD


RECOGNIZING EVERY DEVICE

From smartphones to gaming consoles, if a device can access the Internet, iovation will recognize it.


DEVICE INTELLIGENCE PROCESS

Is this device making a fraudulent transaction?

1. IDENTIFICATION: Has anyone seen this device?
2. ASSOCIATIONS: Is the device guilty by its association?
3. ANOMALIES: Have any device anomalies been found?
4. REPUTATION: Has anyone had a bad experience?


PROTECTION AT CUSTOMER TOUCH POINTS


RETAILER: FRAUD SCREENING PROCESS

ReputationManager 360: Transactions and Outcomes -> Real-Time Scoring -> Deny / Review / Allow


DEVICES: UNIQUELY IDENTIFIED AND ASSOCIATED


ACTIVITY: CREDIT PROCESSOR RETAILERS


DEVICE INTELLIGENCE: SHARED ACROSS INDUSTRIES


DEVICE INTELLIGENCE NETWORK

Total Reputation Checks: 15 Billion
Known Devices: 2 Billion
Verified Frauds: 20 Million
Reputation Checks per Day: 12 Million
Incidents Stopped per Day: 200,000
Active Fraud Analysts: 3000


SPOTTING FRAUDSTER EVASION

FRAUDSTER TECHNIQUES

• Using a Proxy

• Disabling JavaScript

• Blocking Device Identification

• Manipulating Device Attributes

IOVATION COUNTERMEASURES

• Proxy Detection

• Real IP Proxy Piercing

• Tor Detection

• Time Zone Mismatch

• Geolocation Velocity & Mismatch

• Insufficient / Malformed Device Data

• Multi-Domain Recognition

• Device and IP Risk Profiling

TIME ZONE • LANGUAGE • IP PROFILES • GEOLOCATION • CLOAKING


POWERFUL RULES ENGINE: MAKE IT WORK FOR YOU

EVIDENCE: Identifies risky devices already associated with fraud in iovation’s fraud records.

GEOLOCATION: Gets the user’s actual location; with Real IP, reveals an unauthorized country, Tor and more.

VELOCITY: Set thresholds for too many transactions or multiple devices accessing an account.

WATCH LIST: Create your own custom-built positive or negative lists based on your specific fraud.

RISK PROFILE: Indicates when a device has characteristics similar to other groups of risky devices.

AGE-BASED: Shows the amount of history that you have with a paired account and device.

ANOMALY: Reveals when the device has risky characteristics or is trying to evade detection.

COMPOUND: Combine multiple rules to expand use cases and pinpoint specific fraud behavior.
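As an added example (not iovation's product code), the following Python script shows how the rule types listed above combine into a device-reputation decision: evidence, geolocation, velocity, watch list, an anomaly rule based on the time-zone mismatch named on the evasion slide, and a compound rule, with the total score mapped to the Deny / Review / Allow outcomes of the fraud screening slide. The rule weights, thresholds, field names and the transaction stream are all assumptions constructed for this example.

```python
"""Toy device-reputation rules engine (added example, not iovation's code).

Rule names follow the slide; weights, thresholds and all sample data are
assumptions constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Transaction:
    device_id: str
    account: str
    ts: datetime
    ip_country: str            # country from IP geolocation (assumed lookup)
    ip_utc_offset_h: int       # UTC offset expected for that IP's location
    browser_utc_offset_h: int  # UTC offset reported by the client


@dataclass
class Policy:
    fraud_evidence: set[str]     # devices already tied to confirmed fraud
    negative_watch: set[str]     # client-built block list
    positive_watch: set[str]     # client-built trusted list
    allowed_countries: set[str]
    max_tx_per_device: int = 2
    max_devices_per_account: int = 2
    velocity_window: timedelta = timedelta(hours=1)
    deny_at: int = 70            # score thresholds (assumed)
    review_at: int = 30


class RulesEngine:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.history: list[Transaction] = []   # transactions seen so far

    def evaluate(self, tx: Transaction) -> tuple[str, int, list[str]]:
        """Score one transaction; returns (outcome, score, rules that fired)."""
        p = self.policy
        score, fired = 0, []
        # WATCH LIST (positive): a trusted device short-circuits to Allow.
        if tx.device_id in p.positive_watch:
            self.history.append(tx)
            return "Allow", 0, ["positive watch list"]
        # EVIDENCE: device already associated with fraud.
        if tx.device_id in p.fraud_evidence:
            score += 70; fired.append("evidence")
        # WATCH LIST (negative): client-specific block list.
        if tx.device_id in p.negative_watch:
            score += 40; fired.append("negative watch list")
        # GEOLOCATION: transaction from an unauthorized country.
        if tx.ip_country not in p.allowed_countries:
            score += 30; fired.append("geolocation: unauthorized country")
        # ANOMALY: browser clock disagrees with the IP's location (cloaking hint).
        if tx.browser_utc_offset_h != tx.ip_utc_offset_h:
            score += 20; fired.append("anomaly: time zone mismatch")
        # VELOCITY: look back over the window for bursts and device sharing.
        recent = [h for h in self.history if tx.ts - h.ts <= p.velocity_window]
        tx_on_device = sum(1 for h in recent if h.device_id == tx.device_id) + 1
        devices_on_account = {h.device_id for h in recent
                              if h.account == tx.account} | {tx.device_id}
        if tx_on_device > p.max_tx_per_device:
            score += 35; fired.append("velocity: transactions per device")
        if len(devices_on_account) > p.max_devices_per_account:
            score += 35; fired.append("velocity: devices per account")
        # COMPOUND: two weak signals that together describe a cloaked foreign device.
        if {"geolocation: unauthorized country",
            "anomaly: time zone mismatch"} <= set(fired):
            score += 20; fired.append("compound: cloaked foreign device")
        self.history.append(tx)
        outcome = ("Deny" if score >= p.deny_at
                   else "Review" if score >= p.review_at else "Allow")
        return outcome, score, fired


def run_demo() -> list[tuple[str, str, int]]:
    """Screen a constructed transaction stream; returns (device, outcome, score)."""
    policy = Policy(fraud_evidence={"dev-bad"}, negative_watch=set(),
                    positive_watch={"dev-trusted"}, allowed_countries={"US", "CA"})
    engine = RulesEngine(policy)
    t0 = datetime(2014, 12, 12, 10, 0, tzinfo=timezone.utc)

    def tx(n, device, account, country="US", ip_off=-5, browser_off=-5):
        return Transaction(device, account, t0 + timedelta(minutes=n),
                           country, ip_off, browser_off)

    stream = [
        tx(0, "dev-home", "acct-1"),                        # ordinary purchase
        tx(1, "dev-bad", "acct-2"),                         # known fraud device
        tx(2, "dev-cloak", "acct-3", "RU", 3, -5),          # foreign IP, US browser clock
        tx(3, "dev-trusted", "acct-4", "RU", 3, -5),        # trusted device, same signals
        tx(4, "dev-burst", "acct-5"), tx(5, "dev-burst", "acct-5"),
        tx(6, "dev-burst", "acct-5"),                       # third hit inside the window
        tx(7, "dev-a", "acct-6"), tx(8, "dev-b", "acct-6"),
        tx(9, "dev-c", "acct-6"),                           # third device on one account
    ]
    return [(t.device_id, *engine.evaluate(t)[:2]) for t in stream]


if __name__ == "__main__":
    for device, outcome, score in run_demo():
        print(f"{device:12} {outcome:7} {score}")
```

The trusted device on the positive watch list is allowed even though it trips the same geolocation and time-zone signals that deny the cloaked device, which is the point of a client-built positive list; the velocity rules need the engine to retain history, so in production that lookback would be a shared store keyed by device and account rather than a list in memory.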


TYPICAL CASE: LOSS AT 4 BUSINESSES


SHARING INTELLIGENCE ACROSS INDUSTRIES

Communities: Financial, Gaming, Gambling, Retail


VALUE OF SHARING

Sharing automatically gives you access to fraud evidence placed by other iovation clients.

12/12/2014

Jeremy Henley, Director of Breach Services

760-304-4761

Jeremy.henley@idexpertscorp.com


Data Breach is a “Legal” Construct

* The definition of “data breach” varies across specific legislation and rules. In US states, many include a “harm threshold”


• Complete a Privacy & Security Assessment

• Develop or review Incident Response Plan

• Test your plan

• Repeat


Be Prepared: Have a Team and a Plan


You will need a repeatable methodology for data breach response to reduce risks and reach a positive outcome:

• Discovery

• Analysis

• Formulate

• Respond